System Preferences must be securely configured so IPv6 is turned off if not being used.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-58459 | AOSX-09-001240 | SV-72889r1_rule | Medium |
| Description |
|---|
| Security appliances and firewalls are not always IPv6 aware, meaning that IPv6 traffic is frequently unfiltered and unprotected. If it is not in use, it should be disabled. |
| STIG | Date |
|---|---|
| Apple OS X 10.9 (Mavericks) Workstation Security Technical Implementation Guide | 2017-01-05 |
Details
| Check Text ( C-59301r1_chk ) |
|---|
| Run the following command to check if IPv6 is enabled on any network interfaces: sudo networksetup -listallnetworkservices | (while read dev; do echo "$dev"; networksetup -getinfo "$dev" | grep IPv6:; echo ; done) If there is an enabled network interface without the setting 'IPv6: Off' and it does not require IPv6, this is a finding. |
| Fix Text (F-63789r1_fix) |
|---|
| Run the following command to turn off IPv6 addressing for the Ethernet interface: sudo networksetup -setv6off 'Ethernet' Repeat this command for each enabled interface, interface names are case sensitive. |